Lucene search
K

733 matches found

CVE
CVE
added 2026/04/17 2:30 p.m.13 views

CVE-2026-6496

The CVE concerns prasathmani TinyFileManager (up to v2.6). The vulnerable component is the POST Parameter Handler in /filemanager.php, where manipulating the file[] argument enables a path traversal. The issue is remote-exploitable and an exploit has been published. Impact is limited to path trav...

5.5CVSS5.6AI score0.00455EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/17 2:30 p.m.42 views

CVE-2026-6496 prasathmani TinyFileManager POST Parameter filemanager.php path traversal

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

5.5CVSS0.00455EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

TinyFileManager 安全漏洞

TinyFileManager is a web-based file manager developed by Prasathmani. It allows for online storage, uploading, editing, and management of files and folders through a web browser. Versions of TinyFileManager 2.6 and earlier contained security vulnerabilities, which stemmed from the handling of the...

5.5CVSS6.1AI score0.00455EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/05 10:11 p.m.3 views

Arbitrary File Upload

Overview unisharp/laravel-filemanager is an A file upload/editor intended for use with Laravel 5 to 6 and CKEditor / TinyMCE. Affected versions of this package are vulnerable to Arbitrary File Upload via the upload process. An attacker can execute arbitrary code by uploading a malicious file usin...

8.8CVSS6AI score0.00411EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/05 7:0 p.m.25 views

CVE-2026-5595 griptape-ai griptape FileManagerTool save_memory_artifacts_to_disk path traversal

A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the function loadfilesfromdisk/listfilesfromdisk/savecontenttofile/savememoryartifactstodisk of the component FileManagerTool. Such manipulation leads to path traversal. The attack may be...

6.5CVSS0.00339EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/03/26 11:18 a.m.130 views

Exploit for Improper Input Validation in Tecrail Responsive_Filemanager

POC-CVE-2020-10567 RCE poc - RESPONSIVE filemanager v.9.14.0...

9.8CVSS8.2AI score0.1929EPSS
Exploits5
Veracode
Veracode
added 2026/02/23 7:6 p.m.8 views

Arbitrary File Upload

Cadmium CMS is vulnerable to an Arbitrary File Upload. The vulnerability is due to insufficient validation and restriction in the /admin/content/filemanager/uploads functionality, which allows an attacker to upload malicious files and potentially execute arbitrary code on the server...

9.8CVSS6.1AI score0.00328EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.4 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8CVSS6.1AI score0.00376EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 11:15 p.m.10 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8CVSS0.00376EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/10 6:55 p.m.5 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/cmd/azmount/filemanager to version 2.12 or higher...

7.1CVSS5.5AI score0.00954EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/17 1:18 p.m.10 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

9.8CVSS7.1AI score0.00571EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/16 3:31 p.m.17 views

Livewire Filemanager does not restrict uploaded file types

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

9.8CVSS5.3AI score0.00571EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/16 3:31 p.m.7 views

GHSA-9G95-48C6-R778 Livewire Filemanager does not restrict uploaded file types

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

7.5CVSS5.3AI score0.00571EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/16 1:53 p.m.11 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

9.8CVSS6.6AI score0.00571EPSS
Exploits0References2
NVD
NVD
added 2026/01/16 1:16 p.m.9 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

9.8CVSS0.00571EPSS
Exploits0References3
OSV
OSV
added 2026/01/16 1:16 p.m.4 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

9.8CVSS5.3AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/16 12:43 p.m.7 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

9.8CVSS5.5AI score0.00571EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/16 12:43 p.m.4 views

CVE-2025-14894 CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

6.7AI score0.00571EPSS
Exploits0References2
CVE
CVE
added 2026/01/16 12:43 p.m.37 views

CVE-2025-14894

CVE-2025-14894 concerns Livewire Filemanager used with Laravel. The component LivewireFilemanagerComponent.php reportedly skips file type and MIME validation, enabling Remote Code Execution via uploading a malicious PHP file that, if a storage link/setup is present, can be executed through the /s...

9.8CVSS6.7AI score0.00571EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/16 12:43 p.m.33 views

CVE-2025-14894 CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

0.00571EPSS
Exploits0References2
Rows per page
Query Builder